In the pursuit of Petya developers

While the global virtual community is still calculating the losses inflicted by the NotPetya/Petya.A attack[1], the malware itself seems to hold more secrets to unravel. While the identity of Petya's creator remains unknown, Ukrainian police have managed to uncover one of the supposed distributors of the notorious threat.

51-year-old Ukrainian citizen Sergey Neverov attracted law enforcement attention after he published a video explaining in detail how to launch Petya.A on a device. Soon afterwards, the police conducted a search and found further evidence of his alleged involvement in unlawful activities. While Petya.A victims might rejoice at the news, the case raises a rhetorical question: if Sergey Neverov is indeed one of the distributors, wasn't going public far too foolish?

Too many loose ends in the case of NotPetya/Petya

As a reminder, the notorious NotPetya struck the world on June 27, affecting companies and institutions globally. Further analysis revealed that the main culprit was the Ukrainian company that sells the M.E.Doc accounting software. The company, whether deliberately or not, ignored warnings about security flaws in its network, which allowed the perpetrators to compromise its systems and spread the malware through the software's update mechanism.

However, the discovery did not lead to the malware's main culprits. The cases of Sergey Neverov and Marcus Hutchins[2], who found the WannaCry “kill switch,” suggest that cyber security institutions are struggling hopelessly to find whoever is pulling the strings. But are they looking in the right place?

Looking for scapegoats?

Sergey Neverov is a resident of Ukraine, better known as a video blogger with 11,527 YouTube subscribers. Besides videos on cyber security, he has also published multiple videos on how to repair various household appliances.

In the video, which may now land Neverov in custody, he tried to launch a sample of the original Petya.A malware.[3] After succeeding on the third attempt, the suspect also tested whether the files could be restored. While uploading the malware to his blog does raise doubts about his intentions, the claim that Neverov is a cyber crook responsible for spreading the malware raises even more.

Ukrainian police seem to regard the large amount of computer equipment and the malware files seized as sufficient evidence. Furthermore, the law enforcement agency suspects that the supposed distributor, while “monitoring” the networks of certain companies, infected their systems with the malware so that they could escape tax obligations. Once again, such claims still need proof. At the moment, Sergey Neverov faces a three-year prison sentence.

Compared with the HBO hackers[4], who concealed their identities professionally, Sergey Neverov's “disguise” looks like a complete failure. On the other hand, perhaps accusing malware analysts, who spend hours working to curb global infections, of illegal activity reveals the helplessness of law enforcement institutions, which fail to prevent attacks and look for scapegoats instead?